CVE-2024-24583 - Vulnerability Details - OpenCVE

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libigl	Libigl

Configuration 1 [-]

cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928

History

Tue, 11 Feb 2025 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libigl Libigl libigl
CPEs		cpe:2.3:a:libigl:libigl:2.5.0:::::::*
Vendors & Products		Libigl Libigl libigl

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-05-28T14:02:40.872Z

Updated: 2025-02-13T17:40:15.459Z

Reserved: 2024-01-25T20:01:58.463Z

Link: CVE-2024-24583

Vulnrichment

Updated: 2024-08-01T23:19:52.953Z

NVD

Status : Analyzed

Published: 2024-05-28T14:15:11.380

Modified: 2025-02-11T22:25:31.757

Link: CVE-2024-24583

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-24583", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-01-25T20:01:58.463Z", "datePublished": "2024-05-28T14:02:40.872Z", "dateUpdated": "2025-02-13T17:40:15.459Z"}, "containers": {"cna": {"affected": [{"vendor": "libigl", "product": "libigl", "versions": [{"version": "v2.5.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-06-10T16:08:06.005Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}], "credits": [{"lang": "en", "value": "Discovered by Philippe Laulheret of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:11:00.484766Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:04.897Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.953Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.953Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T19:11:00.484766Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T19:11:53.837Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Philippe Laulheret of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "libigl", "product": "libigl", "versions": [{"status": "affected", "version": "v2.5.0"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}], "descriptions": [{"lang": "en", "value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-28T14:02:40.872Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24583", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:19:52.953Z", "dateReserved": "2024-01-25T20:01:58.463Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-05-28T14:02:40.872Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "91BC184E-2C02-40C5-BA95-B2ADCF16C366", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de lectura fuera de los l\u00edmites en la funcionalidad readMSH de libigl v2.5.0. Un archivo .msh especialmente manipulado puede provocar una lectura fuera de los l\u00edmites. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a la funci\u00f3n `readMSH` mientras procesa elementos `MshLoader::ELEMENT_TRI`."}], "id": "CVE-2024-24583", "lastModified": "2025-02-11T22:25:31.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-05-28T14:15:11.380", "references": [{"source": "talos-cna@cisco.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}, {"source": "talos-cna@cisco.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}